Fake OpenAI Tenants Target Cybersecurity Firms in 'Poisoned Tenant' Social Engineering Campaign
A wave of social engineering attacks using fraudulent OpenAI organizations is targeting cybersecurity firms. Employees receive legitimate-looking invites to fake corporate ChatGPT workspaces. Meanwhile, Polymarket confirms user fund theft, a new backdoor targets Southeast Asia, and a new initiative tackles end-of-life open source security.
A sophisticated social engineering campaign dubbed 'Poisoned Tenant' is targeting employees at cybersecurity firms using fraudulent OpenAI organization invitations. Security vendor Push Security discovered the campaign after multiple employees received invites to join a fake ChatGPT workspace impersonating their own company.
The invitations came from OpenAI's legitimate notification email address and passed email authentication checks. Push Security told BleepingComputer that all known targets work in cybersecurity or technology.
Attacker Tactics: Research, CEO Impersonation, and Prepaid Accounts
Push Security researcher Luke Jennings accepted one invitation to investigate. He was immediately added to an organization impersonating Push Security and containing a single attacker-controlled account that used a Gmail address posing as the company's CEO, Adam Bateman. Invited employees were granted Owner privileges, giving them full administrative access to the tenant. The attackers had even attached a Visa credit card to the organization's billing account.
- The attackers researched specific employees before sending invitations.
- The fraudulent organizations contain no chats or projects, suggesting the goal is to collect whatever sensitive information employees submit over time.
- Sensitive data at risk includes source code, internal documents, customer data, security research, and strategic plans.
- Because invitations originate from OpenAI's own infrastructure, they bypass typical email security controls.
- Push Security recommends employee training and monitoring of SaaS organization memberships.
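Because the sender and email authentication are genuine, membership monitoring has to key on the tenant itself rather than on the message. The following is an added example, not code from Push Security or the original article, that triages invitation records using the traits described above (company-name reuse, an inviter outside the corporate domain, Owner granted on first contact). The record fields, org IDs, domains and names are constructed assumptions.

```python
# Added example: triage SaaS workspace invitations against a sanctioned-tenant list.
# Record fields, org IDs, domains and names are constructed placeholders.
from dataclasses import dataclass

SANCTIONED_ORG_IDS = {"org-EXAMPLE-sanctioned"}  # tenants IT provisioned (placeholder)
CORPORATE_DOMAIN = "example.com"                 # assumed corporate mail domain
COMPANY_NAMES = {"example corp", "example"}      # names an impersonator would reuse


@dataclass
class Invite:
    recipient: str
    org_id: str
    org_name: str
    inviter: str
    role: str


def triage(inv: Invite) -> list:
    """Return the reasons an invite is suspicious; an empty list means sanctioned."""
    if inv.org_id in SANCTIONED_ORG_IDS:
        return []
    reasons = ["tenant is not on the sanctioned list"]
    if inv.org_name.strip().lower() in COMPANY_NAMES:
        reasons.append("unsanctioned tenant reuses the company name")
    if inv.inviter.rsplit("@", 1)[-1].lower() != CORPORATE_DOMAIN:
        reasons.append("inviter is outside the corporate domain")
    if inv.role.lower() == "owner":
        reasons.append("new member is granted Owner on first contact")
    return reasons


# Constructed sample records (not real invitations).
INVITES = [
    Invite("alice@example.com", "org-EXAMPLE-sanctioned", "Example Corp",
           "it-admin@example.com", "member"),
    Invite("bob@example.com", "org-EXAMPLE-unknown", "Example Corp",
           "ceo.name@gmail.com", "owner"),
    Invite("carol@example.com", "org-EXAMPLE-vendor", "Vendor Sandbox",
           "pm@vendor.example", "member"),
]


def report(invites):
    """Map each recipient of a suspicious invite to the reasons it was flagged."""
    return {i.recipient: r for i in invites if (r := triage(i))}


if __name__ == "__main__":
    for who, why in report(INVITES).items():
        print(who, "->", "; ".join(why))
```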
Broader Cyber Landscape: Polymarket Breach, TinyRCT Backdoor, and Open Source Risks
In separate incidents, prediction market platform Polymarket confirmed user funds were stolen during a cyberattack. The company stated it is refunding affected users in full. The attack caused an estimated $3 million in losses for customers and is described as a supply-chain incident.
Meanwhile, Palo Alto Networks researchers identified a Chinese-speaking advanced persistent threat actor, tracked as CL-STA-1062, deploying a new custom backdoor called TinyRCT. The campaign targets government entities and state-owned enterprises in the energy and government sectors across Southeast Asia.
Amid these threats, the Open Source Sustainability Initiative launched with the goal of helping enterprises manage and secure aging open source projects. The initiative aims to address the growing risk of abandoned or end-of-life open source software while maintaining regulatory compliance.
Fact check
- Push Security discovered the 'Poisoned Tenant' campaign targeting cybersecurity firms with fraudulent OpenAI organization invitations. (verified · source)
- Polymarket confirmed user funds were stolen in a cyberattack and is refunding users in full. (reported · source)
- A Chinese-speaking APT actor (CL-STA-1062) is deploying the TinyRCT backdoor against government and energy entities in Southeast Asia. (reported · source)
- The Open Source Sustainability Initiative launched to help enterprises secure end-of-life open source software. (reported · source)
Source reporting (4)
- BleepingComputer · Cybersecurity firms targeted by fraudulent OpenAI organization invites
- TechRadar Pro · Prediction market giant Polymarket hit by cyberattack, with company confirming user funds stolen — here is what we know
- Dark Reading · New Initiative Tackles Security for End-of-Life Open Source Software
- The Hacker News · Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign